Licenses for Everything

When it comes to software licensing, many seem to have their position all sorted out. Some are convinced that every restriction is wrong and that adding a license is a restriction. Others think that anyone who can stop software being open is in the wrong and that any license which doesn’t stop proprietary use is bad. A third group (particularly associated with 3D printing) is of the opinion that as things made by code are uncopyrightable, the code which makes them ought to be uncopyrightable too. When it comes to understanding open source licensing though, the problem with all these views is their emphasis on ownership.

In open source, the act of putting licenses on everything is never an act of aggression, of meddling or of unwanted control. No ownership is being claimed. Instead the open source license is a pre-emptive giving of permission. When possible problems or questions of ownership arise in the future, the answer is clear already: permission has been given.

Of course there are those who see this “stick a license on everything” approach as unnecessarily bureaucratic, preferring to simply proclaim that everything they produce is in the “public domain”. Unfortunately the concept is not one which is recognised in all parts of the world and continues to lead to legal confusion. By using OSI-approved open source licenses, you can guarantee the freedom to innovate without seeking permission first.

Read more in Simon’s InfoWorld column.

Was OpenSSL’s licensing responsible for the neglect that led to Heartbleed?

Addressing the question of why the OpenSSL project received such low levels of participation pre-Heartbleed, David A. Wheeler, an expert in government use of open source, suggests that it could be down to the choice of license. Within a longer work discussing many of the technical issues involved in addressing Heartbleed, Wheeler wrote:

“I suspect that more code review and contributions would occur if OpenSSL used a standard widely used license”

Could it be that potential community members were put off engaging with OpenSSL simply on account of the licensing decision?

GitHub, Black Duck, and the lower burden of OSS compliance

Earlier this week we saw the debut of GitHub’s new microsite. At the same time, source code analysis specialist Black Duck revealed their analysis of GitHub projects. The analysis claims that 77% of GitHub projects have no declared license. A little digging needs to be done to properly understand this number though.

GitHub and Open Source Licenses

As Simon wrote last November, although GitHub is self-described as the “world’s largest open source community,” a significant number of the projects hosted there come with no rights whatsoever for you to use their code in an open source project. That’s because so many don’t include an OSI-approved open source license. It seems as though someone at GitHub agrees with the view he put forward; yesterday they made a number of moves to rectify the situation.

VP8 Safe For Open Source Use

A few weeks ago we put up a critique of Google’s proposed VP8 license. The associated article drew the attention of the Software Freedom Law Centre (SFLC), a law firm that provides pro bono support to the open source software community. Dialogue with the SFLC left Simon with a few important clarifications to make with regard to his article.

The key observation to take away is that VP8 is in no way incompatible with open source licensing. The license is for the benefit of OEMs and patent holders who might otherwise get a bit twitchy. For most open source developers the VP8 license doesn’t need to be used.

Furthermore, the license includes a clause offering “release from past infringement”. This means that developers really don’t need to worry about using the license at all; in the unlikely situation that an MPEG-LA patent holder actually tried an attack on the basis of your VP8 implementation, you could then sign onto the license and cover yourself against those claims retrospectively. Read the full story in today’s InfoWorld article.

No EULA required

Open source software should not force acceptance of an End User License Agreement (EULA). In every context where an “EULA” is appropriately used, it’s describing the rights that an end-user and not a distributor is surrendering in return for the freedom to perform an act that would otherwise breach the copyright. The freedoms you need to use the software under open source licenses are granted unconditionally, and the freedoms you need to distribute and modify the software are conditioned on acts other than signalling acceptance of the license with a signature or a click-through.

I thus continue to assert that it is always unnecessary for open source software to present users with the license and demand an act of submission before proceeding. Demanding such an act is to be discouraged; it conditions users to believe that use of the software is subject to compliance actions.

There’s never a need for compliance or enforcement action on mere use (as opposed to distribution or modification). As has been written elsewhere, the freedom to use without seeking permission or proof of compliance is actually the key benefit of open source software and slavish recital of redundant EULA behaviour distracts users from this truth.